- Compound Finance alerts users about a phishing website after Celer Network stopped a takeover of its website.
- The breaches have been linked to the removal of two-factor authentication and Squarespace’s purchase of Google Domains.
- The attack on Thursday was less successful; not much money was taken, and the perpetrators were blocked by wallets.
Celer Network, one of the two Web3 businesses whose websites were hijacked, says it “successfully intercepted” the effort to take over its website. Squarespace, a domain hosting company, may have been having difficulties early on Thursday. Compound Finance is still advising users not to visit its front-end website, as it has been redirected to a fraudulent phishing domain.
In the realm of cryptocurrency, phishing scams are common. Every now and again, celebrities or well-known figures in the industry have their social media profiles taken over, and some individuals get links to wallets that are broken. Protocol websites are less vulnerable to attacks, yet they still happen occasionally.
Michael Lewellen, an OpenZeppelin engineer and Compound DAO security advisor, said on X that users should exercise extreme caution and avoid visiting the website of the $2 billion decentralized lending mechanism. Celer posted a similar warning four hours later, but it has since been taken down.
The first notification informed recipients of a DNS domain attack that was impacting multiple projects at the same time.
According to DeFiLlama developer 0xngmi, the front-end websites of at least 128 protocols, including well-known apps like Pendle Finance, dYdX, Thorchain, and Axelar, are purportedly also susceptible. He clarified that even if these websites are safe, their use of Squarespace leaves them open to attack.
On Thursday morning, Axelar posted a statement on the social networking platform X saying that no issues had been discovered with any of the Axelar websites and that its staff is monitoring the situation continuously.
Squarespace has not acknowledged the attacks or issued an alert suggesting that it is investigating any affected systems. The latest update on its status page, which indicated a problem with domain reselling, was two weeks ago.
Squarespace security flaws might have played a part in the hack
The problem may have originated with Squarespace, the domain registrar that recently acquired Google Domains, according to suggestions made by Web3 security firm Blockaid and anonymous researcher Samczsun. During the transfer, a number of websites reportedly lost their two-factor authentication, leaving them open to attack.
Based on web data, it seems that hackers took control of the projects’ DNS records and pointed them to a new, hacked IP address.
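A record change of this kind can be caught by comparing what resolvers return with a pinned baseline. The Python below is an added example, not code from the article or from any project named in it; the domain, name servers, addresses and resolver labels are constructed placeholders, and the observations are assumed to have been collected separately.

```python
from ipaddress import ip_address, ip_network

# Constructed baseline for a hypothetical front-end domain (documentation ranges).
BASELINE = {
    "app.example.org": {
        "A": {"networks": ["203.0.113.0/24"]},
        "NS": {"values": ["ns1.example-dns.net.", "ns2.example-dns.net."]},
    }
}

# Constructed observations, as if gathered from several public resolvers.
OBSERVED = [
    {"name": "app.example.org", "type": "A", "value": "203.0.113.10", "resolver": "r1"},
    {"name": "app.example.org", "type": "A", "value": "198.51.100.77", "resolver": "r2"},
    {"name": "app.example.org", "type": "NS", "value": "NS1.example-dns.net", "resolver": "r1"},
    {"name": "app.example.org", "type": "NS", "value": "ns1.other-host.example.", "resolver": "r2"},
]


def _norm_host(host):
    """Lower-case a host name and force a single trailing dot."""
    return host.lower().rstrip(".") + "."


def is_expected(record, baseline):
    """Return True when a record matches the pinned policy for its name and type."""
    policy = baseline.get(record["name"], {}).get(record["type"])
    if policy is None:
        return False  # a name or record type that was never pinned counts as drift
    if record["type"] in ("A", "AAAA"):
        addr = ip_address(record["value"])
        return any(addr in ip_network(net) for net in policy["networks"])
    pinned = {_norm_host(v) for v in policy["values"]}
    return _norm_host(record["value"]) in pinned


def find_drift(observed, baseline):
    """List every observed record that falls outside the baseline."""
    return [r for r in observed if not is_expected(r, baseline)]


if __name__ == "__main__":
    for rec in find_drift(OBSERVED, BASELINE):
        print(f"DRIFT {rec['name']} {rec['type']} -> {rec['value']} (via {rec['resolver']})")
```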
According to Blockaid, the attackers used a well-known drainer kit that is associated with the wallet-stealing group Inferno Drainer. Dune Analytics research indicates that since its August 2023 inception, Inferno has siphoned at least $180 million in cryptocurrencies from over 189,000 victims.
On Thursday, though, it appears that the trick was less successful. Fewer than 1,400 coins are held in the address linked to the malicious website. Ethereum valued at more than $142,000 is kept in a second address that has been in use for nearly a year.
Zerion, Coinbase Wallet, and MetaMask are just a few of the wallets that have blacklisted the addresses.
At this point, it is uncertain where the attack originated, whether a Squarespace employee is at fault if the attack was socially engineered, and whether attackers were able to access the accounts within the protocol. There was no threat to the protocols per se.
Over time, attackers have exploited a variety of DeFi systems, including PancakeSwap, Curve Finance, and Frax, by employing comparable tactics.
One of the Web3 initiatives, Aloe Labs, declared that it will be moving to a new domain name provider.